File CVE-2011-0014.patch of Package compat-openssl098.31475

Index: openssl-0.9.8k/ssl/t1_lib.c
===================================================================
--- openssl-0.9.8k.orig/ssl/t1_lib.c
+++ openssl-0.9.8k/ssl/t1_lib.c
@@ -531,6 +531,7 @@ int ssl_parse_clienthello_tlsext(SSL *s,
 						}
 					n2s(data, idsize);
 					dsize -= 2 + idsize;
+					size -= 2 + idsize;
 					if (dsize < 0)
 						{
 						*al = SSL_AD_DECODE_ERROR;
@@ -569,9 +570,14 @@ int ssl_parse_clienthello_tlsext(SSL *s,
 					}
 
 				/* Read in request_extensions */
+				if (size < 2)
+				{
+					*al = SSL_AD_DECODE_ERROR;
+					return 0;
+				}
 				n2s(data,dsize);
 				size -= 2;
-				if (dsize > size) 
+				if (dsize != size) 
 					{
 					*al = SSL_AD_DECODE_ERROR;
 					return 0;